Description

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.

INFO

Published Date :

2025-06-10T15:43:59.225Z

Last Modified :

2025-06-10T18:12:01.967Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49143 vulnerability.

Vendors Products
Networktocode
  • Nautobot
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49143.

URL Resource
https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340 cve-icon cve-icon
https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95 cve-icon cve-icon
https://github.com/nautobot/nautobot/pull/6672 cve-icon cve-icon
https://github.com/nautobot/nautobot/pull/6703 cve-icon cve-icon
https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact